Heimdal
Home > Cybersecurity News

Pepsi Bottle Ventures Suffers Data Breach After Malware Attack

Threat Actors Had 27 Days to Exploit the Breach and Collect the Exposed Data.

Last updated on February 14, 2023

article featured image

Contents:

Threat actors breached Pepsi Bottling Ventures LLC`s network and successfully installed info-stealing malware.

The incident happened on or around December 23rd, 2022, and the team discovered it 18 days later, on January 10th, 2023.

It took the IT team another 9 days to remediate the breach and secure the system. So, the hackers had around 27 days to exploit the data breach.

The company alerted the authorities and stated, in a sample security incident notice, that:

Based on our preliminary investigation, an unknown party accessed [our internal IT systems] on or around December 23, 2022, installed malware, and downloaded certain information contained on the accessed IT systems.

We took prompt action to contain the incident and secure our systems. While we are continuing to monitor our systems for unauthorized activity, the last known date of unauthorized IT system access was January 19, 2023.

Source

What the Pepsi Data Breach Puts at Risk

According to Pepsi`s investigation, the data breach exposed names, home and email addresses, IDs, and driver`s license numbers. But the incident also exposed financial account information, like passwords, pins, and access numbers. It also revealed extremely sensitive data, like ID cards, social security numbers, passport information, digital signatures, etc.

At the moment, it is not clear how many people`s data were impacted by the malware attack, or if stolen data belongs to employees, customers, or both. This is serious because apart from phishing attacks, threat actors could try to use the data for identity theft.

Mitigation Measures

After they found the incident, the company enforced additional network security measures:

  • They reset all company passwords.
  • They suspended from activity all the affected systems.
  • The company continued checking for more potentially affected records and systems.

The company also urged customers to change their username(s), password(s), and security question answer(s), and take the necessary measures to protect any other accounts that used the same data.

In order to mitigate the identity theft risk, they also offer free identity monitoring services for one year.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.
Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

What Is Malware? Definition, Types and ProtectionHow to Prevent Identity Theft With 20 Essential Steps [Updated 2024]Network Security 101 – Definition, Types, Threats, and MoreWhat Is a Data Breach and How to Prevent ItPhishing attacks explained: How it works, Types, Prevention and Statistics

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V